[jira] [Commented] (KAFKA-5261) Performance improvement of SimpleAclAuthorizer

Tue, 29 Aug 2017 13:27:21 -0700 

    [ 
https://issues.apache.org/jira/browse/KAFKA-5261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16146057#comment-16146057
 ] 

ASF GitHub Bot commented on KAFKA-5261:
---------------------------------------

GitHub user simplesteph opened a pull request:

    https://github.com/apache/kafka/pull/3756

    KAFKA-5261 added cached authorizer

    attempt to improve Kafka performance by caching the results of the 
authorisation calls.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/simplesteph/kafka KAFKA-5261

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/3756.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3756
    
----
commit 4fc2c0f365b675eb471a848b29001973ec1c2aa5
Author: Stephane Maarek <[email protected]>
Date:   2017-08-29T20:03:56Z

    added cached authorizer

----


> Performance improvement of SimpleAclAuthorizer
> ----------------------------------------------
>
>                 Key: KAFKA-5261
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5261
>             Project: Kafka
>          Issue Type: Improvement
>    Affects Versions: 0.10.2.1
>            Reporter: Stephane Maarek
>
> Currently, looking at the KafkaApis class, it seems that every request going 
> through Kafka is also going through an authorize check:
> {code}
>   private def authorize(session: Session, operation: Operation, resource: 
> Resource): Boolean =
>     authorizer.forall(_.authorize(session, operation, resource))
> {code}
> The SimpleAclAuthorizer logic runs through checks which all look to be done 
> in linear time (except on first run) proportional to the number of acls on a 
> specific resource. This operation is re-run every time a client tries to use 
> a Kafka Api, especially on the very often called `handleProducerRequest` and  
> `handleFetchRequest`
> I believe a cache could be built to store the result of the authorize call, 
> possibly allowing more expensive authorize() calls to happen, and reducing 
> greatly the CPU usage in the long run. The cache would be invalidated every 
> time a change happens to aclCache
> Thoughts before I try giving it a go with a PR? 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to